CLAIMS 



1 1 .\a method for enabling strong mutual authentication on a computer network comprising the 

2 stejXof: 

transmitting a first indicia to a first computer over a first commxmication channel; 
generating bV said first computer a first authentication number, a second authentication 

I number^^id a third authentication number; 

6 transmitting by said firs^omputer a first message to a second computer, wherein said 

7 first message compris^^said first authentication number encrypted by said second 

8 authentication number; \ 

9 transmitting by said first computer a second message to a verifier over a second 

10 communication channel, wherein said\econd message comprises said second 

I I authentication number encrypted and said third authentication number; 

12 decrypting by said verifier said second message to obtaife a first decrypted message, 

13 wherein said first decrypted message comprises said second authentication 

14 number; \ 

15 transmitting by said verifier said second authentication number to saiX second computer 

19 \ 



16 



over a third communication channel; 



17 



deciwpting by said second computer said first message transmitted by said first computer 



18 



recover said first authentication number; 
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transmitting^y said second computer a third message to said first computer over said first 
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communication channel, wherein said third message comprises said second 



authentication number encrypted by said first authentication number; and 



validating said second coni^ter by said first computer by decrypting said third message 
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to obtain said second aumentication number. 



1 2. The method of claim 1 , wherein said firk authentication number is a session number. 

1 3. The method of claim 1 , wherein said first inoicia is login information of a user for the said 



first computer. 



1 4. The method of claim 1 , wherein said second authentication number is a random number. 

1 5, The method of claim 1 , wherein said third authentication number is a random number. 

1 6. The method of claim 1 , wherein said first message further comprises said first authentication 



number encrypted with said second authentication number. 



1 7. The method of claim 1 , wherein said second message further comprises ah encrypted portion. 
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1 \8. The method of claim 7, wherein said encrypted portion further comprises said second 



authentication number encrypted in response to said first indicia. 



1 9. Thevmethod of claim 8, wherein said encrypted portion further comprises said first indicia 



encrypted with a private key. 



1| 1 0. The method V claim 1 , wherein said first decrypted message is decrypted by said verifier to 
2 validate said firstV)mputer to said verifier by recovering said third authentication number 



fi-om said first decrypted message. 



1 11. The method of claim 1 , whhrein said third message further comprises a third indicia. 

1 12. The method of claim 1 1, wherem said third indicia and said second authentication nimiber 



are encrypted with said first authentication number. 



1 13. The method of claim 1 , wherein said first communication channel is a confidential 



conmiunication channel. 



1 14. The method of claim 7, wherein said verifier has tMiperproof memory and processing to 

2 ensure the validity of said second message or said encrjmted portion of said second message. 
1 15. The method of claim 1, wherein said third communication channel is an output device. 

1 16. The method of claim 1, wherein transmitting said second messa^ further comprises the steps 

2 of starting a clock by said first computer and measuring a timeout period by said clock 
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3 Nwherein said timeout period defines the period of time during which said third message must 

4 be received by said first computer. 

1 17. The method for authenticating a third device to a first device comprising the steps of: 

2 encryptiKg a first key with a second key by said first device encrypting said second key 

3 with a^third key by said first device; 

^ A 

4 decrypting said enom)ted second key in response to said third key by a second device; 

5 and \ 

6 decrypting by said third device said encrypted first key using said second key obtained 

7 fi*om said second device. \ 

1 18. The method of claim 1 7 fiirther comprising the step of encrypting said second key with said 

2 first key by said third device. \ 

1 1 9. The method of claim 1 8 fiirther comprising the step\yf decrypting said encrypted second key 

2 using said first key by said first device. \ 

1 20. The method of claim 19 fiirther comprising the step of comparing said second key decrypted 

2 using said first key with said second key used to encrypt said first Key by said first device. 

1 21 . The method for authenticating a third device to a first device comprisinc the steps of: 

2 transmitting by said first device a first message to said third device; \ 
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3 \ transmitting by said first device a second message to a second device; 

4 Nransmitting by said second device a second key of said second message to said third 

5 \ device; and 

/Hj i 6 obtairmk by said third device a first key of said first message using said second key of 

0^1^ 17 said\econd encrypted key. 

1 22. The method of claims 1 , wherein said first message comprises said first key encrypted by 

2 said second key. \ 

m 1 23. The method of claim 21, whetein said second message further comprises an encrypted 
= ^1 2 portion. \ 

^'"^ 1 24. The method of claim 23, wherein said\ncrypted portion fiirther comprises said second key 
J'j^ 2 encrypted by a public key. \ 

Q 1 25. The method of claim 21 fiirther comprising traiWnitting by said third device a third message 
2 to said first device. \ 

1 26. The method of claim 25, wherein said third message comprises said second key encrypted by 

2 said first key. \ 

1 27. The method of claim 25 further comprising obtaining by said first device said second key of 

2 said third message using said first key of said first message. \ 
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1 28. The method of claim 27 further comprising said first device comparing said second key of 



said^ird message with said second key of said first message. 



1 29. The method of claim 21, wherein transmitting said second message further comprises the 

2 steps of startmg a clock by said first device and measuring a timeout period by said clock 




wherein said timeout period defines the period of time during which said third message must 
be received by said firsidevice. 

1 30. A system for enabling stroir^ mutual authenticating comprising: 

2 a first transmitter; 

3 a first receiver in communicatioiWith said first transmitter; 

4 an output device in communication ^th said first receiver; 

5 a second receiver in communication witn^aid output device; 

6 a second transmitter; and 

7 a comparator in communication with said second ttansmitter and said first transmitter, 

8 wherein said first transmitter transmits a first message to s^d second receiver over a first 

9 communication channel; 

10 wherein said first transmitter transmits a second message to said fir^ receiver over a second 



11 



communication channel; 
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wherein said output device transmits a second key derived from said second message to said 



13 



second receiver over a third conmiunication channel; 



14 wnterein said second transmitter transmits a third message to said comparator over said first 



15 



commxmication channel; 
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wherein saiXcomparator compares said second key of said third message with said second 
key of said first message; 
1 31. The system of claim ilO, wherein said first receiver further comprises a smart card. 
1 32, The system of claim 31, wherein said smart card comprises a tamperproof storage. 

1 33. The system of claim 32, wherein said smart card further comprises the identification of the 

2 positive identity of a user. 
1 34. The system of claim 30, wherein said first transmitter encrypts a first key with said second 



key to produce said first message. 



1 35. The system of claim 30, wherein said first transhiitter constructs an encrypted portion to 



produce said second message. 



1 36. The system of claim 35, wherein said first transmitter encm)ts said second key to produce 



said encrypted portion. 
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1 37. The system of claim 30, wherein said first receiver obtains said second key by decrypting 

2 Wd second message with a public key. 

1 38. TheWstem of claim 37, wherein said first receiver retrieves said public key fi:om its 

2 computerjnemory. 

39. The system olRclaim 30, wherein said second receiver decrypts said first message with said 
2 second key received from said output device to obtain said first key. 

1 40. The system of claim 3^ wherein said second receiver encrypts said second key received 

2 from said output device wim said first key of said first message to produce said third 

3 message. \ 

1 41. The system of claim 30, wherein said comparator decrypts said third message to obtain said 

2 second key. \ 

1 42. The system of claim 30, wherein said first communication channel is a confidential channel. 

1 43. The system of claim 30, wherein said second conmiunication channel is a confidential 

2 channel. \ 

1 44. The system of claim 30, wherein said third commimicationschannel is a confidential channel. 

1 45. The system of claim 30, wherein said second communication channel is a cellular 

2 communication channel. \ 
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46. Th^ystem of claim 30 further comprises a first input device in communication with said 
second receiver and said output device. 

47. The system of claini4^ wherein said output device is in conmiunication with said first input 
device over a confidential conrnnmication channel. 

48. The system of claim 30, wherein said firsbh:ansmitter comprises a clock used to measure the 
time period between transmitting said second mess^ to said first receiver and receiving 
said third message from said second transmitter. 
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